# FIXME: can remove this constant?
REMOTE_ERROR = "REMOTE_ERROR"
+# The standard I/O file descriptors are redirected to /dev/null by default.
+if (hasattr(os, "devnull")):
+ REDIRECT_TO = os.devnull
+else:
+ REDIRECT_TO = "/dev/null"
+
+
+
def trace_me():
x = traceback.extract_stack()
Writes the new PID to the provided file name if not None.
"""
- print pidfile
pid = os.fork()
if pid > 0:
sys.exit(0)
+ os.chdir("/")
os.setsid()
os.umask(0)
pid = os.fork()
+ os.close(0)
+ os.close(1)
+ os.close(2)
+
+ # based on http://code.activestate.com/recipes/278731/
+ os.open(REDIRECT_TO, os.O_RDWR) # standard input (0)
+
+ os.dup2(0, 1) # standard output (1)
+ os.dup2(0, 2) # standard error (2)
+
+
+
if pid > 0:
if pidfile is not None:
open(pidfile, "w").write(str(pid))
sys.exit(0)
+
def nice_exception(etype, evalue, etb):
- # FIXME: I believe we can remove this function
etype = str(etype)
- lefti = etype.index("'") + 1
- righti = etype.rindex("'")
- nicetype = etype[lefti:righti]
+ try:
+ lefti = etype.index("'") + 1
+ righti = etype.rindex("'")
+ nicetype = etype[lefti:righti]
+ except:
+ nicetype = etype
nicestack = string.join(traceback.format_list(traceback.extract_tb(etb)))
return [ REMOTE_ERROR, nicetype, str(evalue), nicestack ]
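Review bot: The descriptor redirect added to daemonize assumes fds 0–2 are all open and that `os.open(REDIRECT_TO, os.O_RDWR)` returns 0; `os.close()` raises OSError if the process was started with one of them already closed, which would abort both processes right after the second fork. Opening the null device first and `dup2`-ing it onto 0, 1 and 2 removes both assumptions, as sketched below. Separately, the pidfile is still written after `os.umask(0)`, so `open(pidfile, "w")` creates it with mode 0666; a tighter umask or an explicit mode would keep other local users from rewriting it. In nice_exception, the new bare `except:` could be narrowed to `except ValueError:`, which is what `index`/`rindex` raise. daemonize begins above the hunk.

```python
    pid = os.fork()
    # … unchanged: comment crediting the ActiveState recipe …
    null_fd = os.open(REDIRECT_TO, os.O_RDWR)
    for std_fd in (0, 1, 2):
        os.dup2(null_fd, std_fd)  # dup2 closes std_fd first if it is open
    if null_fd > 2:
        os.close(null_fd)
    # … unchanged: pidfile write and parent exit …
```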
up the hostname for that.
"""
# FIXME: this code ignores http proxies (which granted, we don't
- # support elsewhere either. It also hardcodes the port number
- # for the certmaster for now
+ # support elsewhere either.
hostname = None
hostname = socket.gethostname()
# print "DEBUG: HOSTNAME TRY1: %s" % hostname
try:
ip = socket.gethostbyname(hostname)
- # print "DEBUG: IP TRY2: %s" % ip
except:
- # print "DEBUG: ERROR: returning"
return hostname
if ip != "127.0.0.1":
- # print "DEBUG: ERROR: returning 2"
return hostname
- if talk_to_certmaster:
- config_file = '/etc/certmaster/minion.conf'
- config = read_config(config_file, MinionConfig)
-
- server = config.certmaster
- port = 51235
-
- try:
- s = socket.socket()
- s.settimeout(5)
- # print "server, port", server, port
- s.connect((server, port))
- (intf, port) = s.getsockname()
- remote_hostname = socket.gethostbyaddr(intf)[0]
- if remote_hostname != "localhost":
- hostname = remote_hostname
- # print "DEBUG: HOSTNAME FROM CERTMASTER == %s" % hostname
- s.close()
- except:
- s.close()
- raise
-
- # print "DEBUG: final hostname=%s" % hostname
- return hostname
-
# FIXME: move to requestor module and also create a verbose mode
# prints to the screen for usage by /usr/bin/certmaster-request
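Review bot: With the trailing `return hostname` removed along with the certmaster probe, get_hostname appears to fall off the end and return None whenever the local name resolves to 127.0.0.1, since the only remaining returns are in the `except:` branch and under `if ip != "127.0.0.1":`. A later hunk's `hn = get_hostname()` would then carry None into whatever names the minion's key and certificate request, which is presumably not intended. Keeping a final `return hostname` after the loopback check restores a usable value. The docstring context still describes connecting to the certmaster and should be updated to match; the function starts above the hunk.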
config_file = '/etc/certmaster/minion.conf'
config = read_config(config_file, MinionConfig)
cert_dir = config.cert_dir
- master_uri = 'http://%s:51235/' % config.certmaster
+ master_uri = 'http://%s:%s/' % (config.certmaster, config.certmaster_port)
# print "DEBUG: acquiring hostname"
hn = get_hostname()
# print "DEBUG: hostname = %s\n" % hn
if result:
# print "DEBUG: recieved certificate from certmaster"
log.debug("received certificate from certmaster %s, storing to %s" % (master_uri, cert_file))
+ if not keypair:
+ keypair = certs.retrieve_key_from_file(key_file)
+ valid = certs.check_cert_key_match(cert_string, keypair)
+ if not valid:
+ log.info("certificate does not match key (run certmaster-ca --clean first?)")
+ sys.stderr.write("certificate does not match key (run certmaster-ca --clean first?)\n")
+ return
cert_fd = os.open(cert_file, os.O_RDWR|os.O_CREAT, 0644)
os.write(cert_fd, cert_string)
os.close(cert_fd)
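Review bot: The new mismatch branch reports a security-relevant failure only at `log.info` and on stderr, then does a bare `return`, which may be indistinguishable to the caller from the success path (not visible here). Consider `log.error(...)` plus raising or returning an explicit failure, since stderr points at the null device once the process has daemonized (see the redirect this commit adds to daemonize). The key-match test also says nothing about who issued the certificate, and the exchange uses the `http://` URI built in an earlier hunk, so issuer verification would be worth a follow-up. The context line `os.open(cert_file, os.O_RDWR|os.O_CREAT, 0644)` has no `os.O_TRUNC`, so a shorter certificate written over an older file would leave trailing bytes. The enclosing function starts and ends outside the hunk.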
# in the triggers directory
continue
if ref:
- rc = sub_process.call([file, ref.name], shell=False)
+ rc = sub_process.call([file, ref], shell=False)
else:
rc = sub_process.call([file], shell=False)
except:
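Review bot: `ref` is now handed to the trigger as an argv element as-is, where the old code passed `ref.name`; `shell=False` keeps it away from a shell, but assuming `sub_process.call` behaves like `subprocess.call`, a non-string `ref` would raise inside the `try` and be caught by the bare `except:` that follows. It would help to document the contract on the enclosing function, e.g. `# ref: plain string passed to each trigger as argv[1]; triggers must treat it as untrusted data`, or to coerce with `str(ref)`. If `ref` can originate from a requesting host (not visible here), trigger scripts should validate it before using it in paths or commands. The try/except and the function itself extend beyond the hunk.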